Analysis of Hancitor – When Boring Begets Beacon

Author: Brandon George

What is Hancitor? Hancitor is a well-known malware loader that has been observed delivering FickerStealer, Sendsafe, and Cobalt Strike Beacon if the victim targeting conditions are met. In recent months, more threat intelligence has been gathered as to what the attackers’ goals are when Hancitor is used to deliver Cobalt Strike Beacon […]

Unemployment Fraud on the Rise

What is Unemployment Fraud? Unemployment insurance, a state-administered program that has helped countless people who suddenly found themselves without work since the beginning of the COVID-19 pandemic, is actively being taken advantage of by scammers who are looking to steal money. Unemployment Fraud is a scam that involves people stealing personal identifying information including name, […]

What Do Criminal Hackers and Scammers Discuss on Forums?

A message board or an internet forum is an online discussion site where users can communicate with the entire group of members via posted messages. These are different from chat rooms where small groups send short messages, because forum posts are often longer than chat messages and typically organized into discussion topics. These forums are […]

Top Ten CyberSafe Tips

Cybercriminals have many ways of targeting and accessing sensitive information on personal computers and corporate networks. Because cybercriminals are able to monetize their attacks for millions of dollars, there is strong incentive for them to continue to attempt to steal information and sneak past security controls. In most cases, the difference between keeping computers safe […]

The Insider Threat: Why Your Greatest Security Risk Might Be Your Employees

If you’re outside the security industry, you probably think of a cybercriminal as they are portrayed on TV and in movies: a shadowy figure in a hoodie, hunched over a computer in a darkened room. The reality is, they could look like the person you just talked to in the break room in your office. That’s […]

What is the Darknet?

Author: Jarrod Suffecool

We all hear about the “Darknet” and the “Deepweb” all the time when referring to the places where threat actors are hanging out online, but what do these terms really mean? While they are very similar, some differences exist. The Deepweb refers to websites which are not indexed by services like Google […]

Are you in tune? Why SIEM tuning is important

Authors: Eric Itangata and Mike Daniels

A Security Information and Event Manager (SIEM) is, in the traditional sense, used for central log storage. It provides a central location for an organization to review logs from disparate systems and is also a place to retain these logs per the organization’s compliance needs. The purposes of a […]

Hunting and Defeating Evasive Threats

Written by: Randy Pargman and James Quinn

Threat actors spend a lot of time and energy to evade and defeat detections on their victims’ network. Threat hunters and other defenders should be aware of the sneaky techniques that are most often used and adjust their tactics to catch the threats and put a stop to their access. In this blog post, […]

Intro to Threat Hunting

If you’ve been around the information security community, you’ve probably heard the term “Threat Hunting” and considered how you can apply these techniques to enhancing the security of your organization’s network and computer systems. In this blog post, we’re going to describe what threat hunting means, how you can get started, and what you’re going […]

COVID-19 Scams Run Rampant

With the coronavirus in the news and weighing heavily on the minds of just about everyone, cyber attackers are taking advantage of people’s fears in a multitude of ways. Warnings have been issued from almost every federal agency imaginable. We have compiled an overview of some of the more widespread threat campaigns being deployed. Phishing […]

Cybercriminals Using Coronavirus Scare to Spread Malware

With all the news around COVID-19/Coronavirus, the average person is turning to the internet for real-time advice and updates about the pandemic. With the increase in web traffic, cybercriminals are taking advantage of the scare to catch people with their guard down. By creating emails and websites that mirror, and in some cases function like […]

Emotet Wi-Fi Spreader Upgraded

This is an update to an earlier article regarding the emerging cyberthreat of Emotet Wifi Spreader.

Executive Summary

Binary Defense analysts previously discovered a stand-alone program for spreading Emotet infections over Wi-Fi networks. Although the spreader had been recently delivered by Emotet command and control (C2) servers, the program itself had not been changed for at […]